<?php
	$query  = "SELECT * from users where id='" . $id . "'";
	$result = mysql_query($query);
  $profileinfo = mysql_fetch_array($result);


	if (($profileinfo['status'] & $STA_ADMIN) || ($profileinfo['status'] & $STA_MOD)) {
	
		if ($_REQUEST['mod']=='pm') {
			if ($_REQUEST['delete']){
				$deleteme = escapestr($_REQUEST['delete']);
				$query  = "DELETE from comments where id='$deleteme'";
				$result = mysql_query($query);
				if ($result){ 
					$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_deleted"),GetLangString($lang,"msg_deleted"));
				} else { 
					$SITE_MIDDLE .=FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
				}	
			}
		
			if ($_REQUEST['photodelete']){
				$deleteme = escapestr($_REQUEST['delete']);
			$query  = "DELETE from photo_comments where id='$deleteme'";
				$result = mysql_query($query);
				if ($result){ 
					$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_deleted"),GetLangString($lang,"msg_deleted"));
				} else { 
					$SITE_MIDDLE .=FormatElement(GetLangString($lang,"txt_error"),GetLangString($lang,"msg_dberror"));
				}	
			}


			

	
			$query	=	"SELECT * from comments";

			$result = mysql_query($query);
			if (mysql_num_rows($result)){ 
			while ($comment = mysql_fetch_array($result)) {
	 
			$query        = "SELECT * from users where id='".$comment['from']."'";
			$result_name	= mysql_query($query);
			if (mysql_num_rows($result_name)){ 
				$profile_info=mysql_fetch_array($result_name);
				$from = "<a href=\"index.php?do=profile&profile_id=".$profile_info['id']."\">".$profile_info['name']."</a><br>";
				$from .= GetStatusImg($profile_info['status']);					
				$from .= "<br><img src=\"index.php?do=getphoto&square=1&size=75&id=".$profile_info['photo']."\" title=\"".$profile_info['name']."\">";
			} else $from = GetLangString($lang,"txt_unknown");
			
	
	
			$query        = "SELECT * from users where id='".$comment['to']."'";
			$result_name	= mysql_query($query);
			if (mysql_num_rows($result_name)){ 
				$profile_info=mysql_fetch_array($result_name);
				$to = "<a href=\"index.php?do=profile&profile_id=".$profile_info['id']."\">".$profile_info['name']."</a><br>";
				$to .= GetStatusImg($profile_info['status']);					
				$to .= "<br><img src=\"index.php?do=getphoto&square=1&size=75&id=".$profile_info['photo']."\" title=\"".$profile_info['name']."\">";
			} else $to = GetLangString($lang,"txt_unknown");
	
	
	
			$time = date("d-m-Y H:i:s",$comment['time']);
			$text = text2html(bb2html($comment['text']));
	
			if ($comment['type']==0 or $comment['type']==1 ) 
			$COMMENTS = "<tr>
				<td align=\"center\" width=\"125\" valign=\"top\">
				".GetLangString($lang,"txt_from")."<br>$from<br>$time<br><b>$status</b><br></td>
				<td align=\"center\" width=\"125\" valign=\"top\">
				".GetLangString($lang,"txt_to")."<br>$to<br>			<a href=\"index.php?do=mod&mod=pm&delete=".$comment['id']."\" >".GetLangString($lang,"txt_delete")."</a>
	<br><b>$status</b><br>
				</td>	<td valign=\"top\">$text</td></tr>$COMMENTS"; else 
			if ($comment['type']==2 or $comment['type']==3 ) 					
			$PMS = "<tr>
				<td align=\"center\" width=\"125\" valign=\"top\">
				".GetLangString($lang,"txt_from")."<br>$from<br>$time<br><b>$status</b><br></td>
				<td align=\"center\" width=\"125\" valign=\"top\">
				".GetLangString($lang,"txt_to")."<br>$to<br>			<a href=\"index.php?do=mod&mod=pm&delete=".$comment['id']."\" >".GetLangString($lang,"txt_delete")."</a>
	<br><b>$status</b><br>
				</td>	<td valign=\"top\">$text</td></tr>$PMS";
			}
		} 



			$query	=	"SELECT * from photocomments";

			$result = mysql_query($query);
			if (mysql_num_rows($result)){ 
			while ($comment = mysql_fetch_array($result)) {
	
				$query2  = "SELECT `access` from `photos` where `id`='".$comment['to']."'";
				$result2 = mysql_query($query2);
				if (mysql_num_rows($result2))	$access = mysql_result($result2,0); 
				if (($_REQUEST['personal'])||($access!=2)) { 
					$query        = "SELECT * from users where id='".$comment['from']."'";
					$result_name	= mysql_query($query);
					if (mysql_num_rows($result_name)){ 
						$profile_info=mysql_fetch_array($result_name);
						$from = "<a href=\"index.php?do=profile&profile_id=".$profile_info['id']."\">".$profile_info['name']."</a><br>";
						$from .= GetStatusImg($profile_info['status']);					
						$from .= "<br><img src=\"index.php?do=getphoto&square=1&size=75&id=".$profile_info['photo']."\" title=\"".$profile_info['name']."\">";
					} else $from = GetLangString($lang,"txt_unknown");
					$text = bb2html($comment['text']);
		
					$to = "<br><img src=\"index.php?do=getphoto&square=1&size=75&id=".$comment['to']."\">";
					$PHOTOCOMMENTS = "<tr>
						<td align=\"center\" width=\"125\" valign=\"top\">
						".GetLangString($lang,"txt_from")."<br>$from<br>$time<br><b>$status</b><br></td>
						<td align=\"center\" width=\"125\" valign=\"top\">
						".GetLangString($lang,"txt_to")."<br>$to<br>			<a href=\"index.php?do=mod&mod=pm&photodelete=".$comment['id']."\" >".GetLangString	($lang,"txt_delete")."</a>
			<br><b>$status</b><br>
						</td>	<td valign=\"top\">$text</td></tr>$PHOTOCOMMENTS"; 
					}
				}
			}
		$PMS 			= "<table border=\"1\" width=\"100%\">$PMS</table>";
		$COMMENTS =  "<table border=\"1\" width=\"100%\">$COMMENTS</table>";
		$PHOTOCOMMENTS =  "<table border=\"1\" width=\"100%\">$PHOTOCOMMENTS</table>";		
		if ($_REQUEST['personal']) $SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_pms")			,$PMS);
		//the moderator should not see personal messages, but added the option just in case
		//for example when some member is harrasing another member, we should be able to check
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_comments")	,$COMMENTS);
		$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_photocomments")	,$PHOTOCOMMENTS);

	} else 
	if ($_REQUEST['mod']=='photo') {

//---- begin public photos
		
		$query      = "SELECT * from photos where `access`=0";
		$result 		=	 mysql_query($query);
		if (mysql_num_rows($result)) {
			while ($photoinfo = mysql_fetch_assoc($result)){
			$photos =      "<div class=\"photothumb\"><a href=\"/index.php?do=viewphoto&photo_id=".$photoinfo['id']."\">
											<img border=\"0\" src=\"index.php?do=getphoto&square=1&size=100&id=".$photoinfo['id']."\" title=\"".
											$photoinfo['title']."\"></a></div>$photos";
			unset($photoinfo);
			}
		$SITE_MIDDLE .= FormatElement ( GetLangString ( $lang, "txt_publicphotoalbum" ) ,  GetLangString ( $lang, "msg_publicphotoalbum" ) . "<br>$photos"); 
		unset($photos);		
		} else {
			$SITE_MIDDLE .= FormatElement ( GetLangString ( $lang, "txt_publicphotoalbum" ) ,  GetLangString ( $lang, "msg_publicphotoalbumempty" ));
		} 
		

//---- begin friend photos

		$query      = "SELECT * from photos where `access`=1";
		$result 		=	 mysql_query($query);
		if (mysql_num_rows($result)) {
			while ($photoinfo = mysql_fetch_assoc($result)){
			$photos =      "<div class=\"photothumb\"><a href=\"/index.php?do=viewphoto&photo_id=".$photoinfo['id']."\">
											<img border=\"0\" src=\"index.php?do=getphoto&square=1&size=100&id=".$photoinfo['id']."\" title=\"".
											$photoinfo['title']."\"></a></div>$photos";
			unset($photoinfo);
			}
				$SITE_MIDDLE .= FormatElement ( GetLangString ( $lang, "txt_friendphotoalbum" ) ,  GetLangString ( $lang, "msg_friendphotoalbum" ) . "<br>$photos");
			} else {
				$SITE_MIDDLE .= FormatElement ( GetLangString ( $lang, "txt_friendphotoalbum" ) ,  GetLangString ( $lang, "msg_friendphotoalbumempty" ));
			}
		
		unset ($photos);
		if ($_REQUEST['personal']) {
			$query      = "SELECT * from photos where `access`=2";
			$result 		=	 mysql_query($query);
			if (mysql_num_rows($result)) {
				while ($photoinfo = mysql_fetch_assoc($result)){
					$photos =      "<div class=\"photothumb\"><a href=\"/index.php?do=viewphoto&photo_id=".$photoinfo['id']."\">
												<img border=\"0\" src=\"index.php?do=getphoto&square=1&size=100&id=".$photoinfo['id']."\" title=\"".
												$photoinfo['title']."\"></a></div>$photos";
					unset($photoinfo);
				}
			$SITE_MIDDLE .= FormatElement ( GetLangString ( $lang, "txt_privatephotoalbum" ) ,  GetLangString ( $lang, "msg_privatephotoalbum" ) . "<br>$photos");
		} else {
			$SITE_MIDDLE .= FormatElement ( GetLangString ( $lang, "txt_privatephotoalbum" ) ,  GetLangString ( $lang, "msg_privatephotoalbumempty" ));
		}
		
	}



} else {

		$SITE_MIDDLE .=  FormatSmallElement ( GetLangString ($lang, "txt_modpanel") , 
		"<center><table border=\"0\" width=\"75%\"><tr><td align=\"center\" valign=\"top\" width=\"50%\">". 
		FormatLink(GetLangString($lang,"txt_modpm"),	GetLangString($lang,"msg_modpms"),		"index.php?do=mod&mod=pm").
		"</td><td align=\"center\"  valign=\"top\">".			
		FormatLink(GetLangString($lang,"txt_modphoto"),	GetLangString($lang,"msg_modphoto"),		"index.php?do=mod&mod=photo").

		"</td></tr></table></center>");

	}


} 
?>
